Search Exploit

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download

NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file 'config.gz' or 'config.pcpx' that contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if previously generated by a privileged user.

Summary: NEC's UNIVERGEA(r) SV9100 is the unified communications (UC)solution of choice for small and medium businesses (SMBs) who don'twant to be left behind. Designed to fit your unique needs, the UNIVERGESV9100 platform is a powerful communications solution that providesSMBs with the efficient, easy-to-deploy, mobile technology that theyrequire.

Desc: The gzipped telephone system configuration file 'config.gz' or'config.pcpx' that contains the unencrypted data file 'conf.pcpn',can be downloaded by an attacker from the root directory if previouslygenerated by a privileged user. Attacker can also sniff the networkand hijack the session id which resides in a GET request to furthergenerate the config file. The sessionid can also be brute-forcedbecause of its predictability containing 5-digit number. This willenable the attacker to disclose sensitive information and help herin authentication bypass, privilege escalation, system access anddenial of service via config modification.